Why a small change to Google Chrome could have big implications for Internet users

Writer's note: Post has been updated based on feedback and an official statement from Google. All new additions are in italics.

Earlier this week, a Google employee named William Chan published a post on Google Plus about the way his team was planning to solve some problems that the Chrome browser was having delivering Web addresses.

The issues, and the solution, are highly technical. But they boil down to this: in order to deliver pages faster, Google is going to make it possible for the browser to resolve Web site addresses like www.google.com into IP addresses like 216.239.51.99 that machines on the Internet can read.

Currently, Chrome follows standard industry practices to resolve Web addresses: Chrome sends a request to the underlying operating system, which reaches out to another computer on the Internet known as a DNS server. This process gives a computer user control over which DNS server to use.

At this point, even if you have a moderate interest in technology, you will probably be wondering why this is news.

The changes to Chrome matter a lot because they mean Google will be in a position to steer all the traffic from Chrome browsers to Google's own DNS servers. This could provide Google with vast insight into what is happening on the Web, including on competitors' sites like Facebook.

Google's response: while this is technically true, they would never do this. (Remember the whole "don't be evil" motto.) One thing I was told, but wasn't able to confirm officially, is that doing this could potentially cause problems for Chrome users in corporate environments.

Updated 6:02 p.m. 3/16/2012: Google spokeswoman Lily Lin sent an email that clarifies that Google is not going to do this. For the techies out there she said: the DNS stub resolver that Google is building "will use the OS-configured DNS servers by default. These are the same DNS servers that the existing mechanism (calling the operating system's getaddrinfo() function) uses."

Lin also confirmed that overriding a user's settings would break a user's VPN. "We have not at all considered switching to Google Public DNS by default as it would break for many users. For instance, many users browse the web from within a corporate intranet, whose hostnames Google Public DNS does not recognize. Therefore, if we ever switched to Google Public DNS, hostnames would fail to resolve."

For the non-techies out there this means that the code changes won't put your privacy at risk. For investors, it means the new code won't be giving Google a competitive advantage. And for readers keeping score, it means I pressed the publish button too early. I apologize for being confused and for confusing you!

Depending on your perspective, this gives Google a great competitive advantage, or raises questions about the applicability of the Sherman Antitrust Act.

There's also a user privacy issue. Now, I use Google Public DNS and I'm not worried about Google secretly spying on my Internet traffic. But there is very little to stop Google should it decide there is a compelling need to closely inspect unencrypted packets hitting its DNS servers.

Author's Note: At this point it's worth clarifying a misunderstanding I had when I wrote this post that was identified by one of the readers. The way the Internet works, not all content in a communication packet is sent to a DNS server. If you are interested, I'll be explaining this in a later post, thanks to Paul Mockapetris, the founder of the domain name system, who has agreed to do an in-depth interview with Qubits.
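To make the two technical points above concrete (a stub resolver that uses the OS-configured DNS servers, and the fact that a DNS server receives only part of what a browser sends), here is an added Python example; it is not Chrome's code and does not come from Google. It reads the nameservers from a constructed resolv.conf-style configuration and encodes an RFC 1035 query to show which fields reach the server. The function names, the sample addresses and the `corp.example` domain are assumptions made for illustration.

```python
import struct

# Constructed sample of an OS resolver configuration (resolv.conf format).
SAMPLE_RESOLV_CONF = """\
# constructed example, not taken from a real host
search corp.example
nameserver 10.0.0.53
nameserver 192.0.2.53
options timeout:2
"""

def os_configured_servers(resolv_conf_text):
    """Return nameserver addresses in the order the OS lists them."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(hostname, query_id=0x1234, qtype=1):
    """Encode a recursive DNS query (RFC 1035); qtype 1 is an A record."""
    # Header: id, flags (only RD set), one question, no other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def visible_to_dns_server(message):
    """Decode the question section, the only payload the query carries."""
    pos, labels = 12, []  # the fixed header is 12 bytes long
    while message[pos]:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return {"name": ".".join(labels), "qtype": qtype, "qclass": qclass}

if __name__ == "__main__":
    servers = os_configured_servers(SAMPLE_RESOLV_CONF)
    query = build_query("www.google.com")
    print("would send", len(query), "bytes to", servers[0])
    print(visible_to_dns_server(query))
```

The query holds the hostname, record type and class; the page path and page contents are not in it, although the server still sees the address the query came from.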

The issue was pointed out to me by David Ulevitch, whom I interviewed last month for my post "A Closer Look at Google Public DNS." Unlike most people on the planet, Ulevitch has skin in this game. He runs a service called OpenDNS, which competes with Google Public DNS. The implications for David are that Chrome will now be able to override his users' choices. Instead of allowing the operating system to resolve an address via OpenDNS, Chrome would, at least in theory, ensure the address is resolved by Google Public DNS.

"It's a dangerous combination when you control the browser, search and DNS," Ulevitch said. "It's like Microsoft back in the day when it controlled the browser and the desktop operating system and dominated the market for office apps."

Few people realize how much information can be seen by organizations that are part of the domain name system.